Date:      Tue, 25 Jun 1996 22:39:18 +1000 (EST)
From:      Darren Reed <avalon@coombs.anu.edu.au>
To:        joerg_wunsch@uriah.heep.sax.de
Cc:        freebsd-hackers@FreeBSD.ORG, danny@auscert.org.au
Subject:   Re: No comment character in hosts.equiv
Message-ID:  <199606251240.FAA21976@freefall.freebsd.org>
In-Reply-To: <199606250802.KAA17967@uriah.heep.sax.de> from "J Wunsch" at Jun 25, 96 10:02:37 am

In some mail from J Wunsch, sie said:
> 
> As Danny Smith wrote:
> 
> > > Wrong. FreeBSD has a comment char.
> 
> > OK, I verified this on our 2.0.5 test system before mailing.  Looks like I 
> > may have been hit by the "checking the previous version" problem.
> 
> FreeBSD 2.0.5 shipped with commented-out entries in hosts.equiv and
> the sample .rhosts files that caused DNS lookup timeouts (since names
> starting with a hash mark were looked up).  After realizing this, the
> comment-character logic was brought in.
> 
> Anyway, commented-out entries normally don't constitute a security
> hole (unless a potential intruder can manipulate DNS to get the wrong
> name as an alias for his host).

I'd warn against this: FreeBSD is thus different to most other OS's and
suggests security practices which are not safe in all circumstances.

I know some things are "nice" and yes, "let's be different", but for Christ's
sake, sometimes this just goes too far.
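
The portability concern in this thread, as an added example (not part of the original message and not FreeBSD's code): a Python check that lists the lines of a hosts.equiv-style file which are skipped when '#' is honoured as a comment but become host entries when it is not. The two-field parse is a simplified model of the file format, and the sample file and its host names are constructed.

```python
"""Audit hosts.equiv/.rhosts text for lines whose meaning depends on
whether the parser honours '#' as a comment character."""

# Constructed sample input, not taken from any real system.
SAMPLE = """\
# trusted build hosts
build1.example.org
#oldhost.example.org operator

build2.example.org  backup
"""


def parse(text, comments=True):
    """Return (lineno, host, user) entries under a simplified model
    (an assumption): whitespace-separated fields, first = host,
    optional second = user. With comments=False a leading '#' is
    treated as ordinary hostname text."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue  # blank line
        if comments and fields[0].startswith("#"):
            continue  # comment-aware parser skips the line
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        entries.append((lineno, host, user))
    return entries


def ambiguous_entries(text):
    """Entries that exist only for a parser without comment support."""
    honoured = set(parse(text, comments=True))
    return [e for e in parse(text, comments=False) if e not in honoured]


if __name__ == "__main__":
    for lineno, host, user in ambiguous_entries(SAMPLE):
        print(f"line {lineno}: would be read as host {host!r}, user {user!r}")
```

A file for which `ambiguous_entries` returns nothing reads the same under both interpretations, so it can be copied between systems without changing which hosts are trusted.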
